JBossWeb SVN: r2397 - branches/2.1.x/java/javax/el.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-24 05:19:51 -0400 (Mon, 24 Mar 2014)
New Revision: 2397
Modified:
branches/2.1.x/java/javax/el/BeanELResolver.java
Log:
JBWEB-293: Add submitted patch for NPE.
Modified: branches/2.1.x/java/javax/el/BeanELResolver.java
===================================================================
--- branches/2.1.x/java/javax/el/BeanELResolver.java 2014-03-21 14:35:49 UTC (rev 2396)
+++ branches/2.1.x/java/javax/el/BeanELResolver.java 2014-03-24 09:19:51 UTC (rev 2397)
@@ -344,7 +344,8 @@
while (iter.hasNext()) {
Class<?> key = iter.next();
BeanProperties bp = cache.get(key);
- if(bp.getType().getClassLoader().equals(classloader)){
+ if (bp.getType().getClassLoader() != null && bp.getType().getClassLoader().equals(classloader)){
+ // JBWEB-293, avoid NPE if key's name is like java.lang.Class, getClassLoader() returns null to represent the bootstrap class loader
iter.remove();
}
}
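Review bot: The added guard calls `bp.getType().getClassLoader()` twice, and the comment explaining it sits inside the `if` body instead of above the condition it describes. Reading the loader once keeps the null check and the comparison on the same value and shortens the line: `ClassLoader cl = bp.getType().getClassLoader();` followed by `if (cl != null && cl.equals(classloader)) {`. `bp` itself is dereferenced without a null check; whether `cache.get(key)` can return null while this loop runs depends on the map type, which the hunk does not show. The enclosing method starts and ends outside the hunk.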
JBossWeb SVN: r2396 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-21 10:35:49 -0400 (Fri, 21 Mar 2014)
New Revision: 2396
Added:
tags/JBOSSWEB_2_1_16_GA/
Log:
New 2.1.16 build.
JBossWeb SVN: r2395 - branches/2.1.x.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-21 10:35:05 -0400 (Fri, 21 Mar 2014)
New Revision: 2395
Modified:
branches/2.1.x/build.properties.default
Log:
New 2.1.16 build.
Modified: branches/2.1.x/build.properties.default
===================================================================
--- branches/2.1.x/build.properties.default 2014-03-20 10:02:47 UTC (rev 2394)
+++ branches/2.1.x/build.properties.default 2014-03-21 14:35:05 UTC (rev 2395)
@@ -12,7 +12,7 @@
# ----- Version Control Flags -----
version.major=2
version.minor=1
-version.build=15
+version.build=16
version.patch=0
version.tag=GA
JBossWeb SVN: r2394 - in branches/2.1.x/java/org/apache/coyote: http11 and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-20 06:02:47 -0400 (Thu, 20 Mar 2014)
New Revision: 2394
Modified:
branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java
branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java
branches/2.1.x/java/org/apache/coyote/http11/Http11AprProcessor.java
branches/2.1.x/java/org/apache/coyote/http11/Http11Processor.java
Log:
Port fix for CVE-2013-4286 (BZ 1074417).
Modified: branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java
===================================================================
--- branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java 2014-03-18 10:29:10 UTC (rev 2393)
+++ branches/2.1.x/java/org/apache/coyote/ajp/AjpAprProcessor.java 2014-03-20 10:02:47 UTC (rev 2394)
@@ -25,6 +25,8 @@
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.coyote.ActionCode;
import org.apache.coyote.ActionHook;
import org.apache.coyote.Adapter;
@@ -655,6 +657,7 @@
// Decode headers
MimeHeaders headers = request.getMimeHeaders();
+ boolean contentLengthSet = false;
int hCount = requestHeaderMessage.getInt();
for(int i = 0 ; i < hCount ; i++) {
String hName = null;
@@ -690,7 +693,16 @@
if (hId == Constants.SC_REQ_CONTENT_LENGTH ||
(hId == -1 && tmpMB.equalsIgnoreCase("Content-Length"))) {
// just read the content-length header, so set it
- request.setContentLength( vMB.getInt() );
+ long cl = vMB.getLong();
+ if (contentLengthSet) {
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ error = true;
+ } else {
+ contentLengthSet = true;
+ // Set the content-length header for the request
+ if(cl < Integer.MAX_VALUE)
+ request.setContentLength( (int)cl );
+ }
} else if (hId == Constants.SC_REQ_CONTENT_TYPE ||
(hId == -1 && tmpMB.equalsIgnoreCase("Content-Type"))) {
// just read the content-type header, so set it
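Review bot: A Content-Length of `Integer.MAX_VALUE` or more is silently dropped by `if(cl < Integer.MAX_VALUE)`, and a negative value is passed straight to `request.setContentLength`, so in both cases processing continues with a length that differs from what the peer declared. Because this port is about ambiguous body length, rejecting such values the same way as a duplicate header would be more consistent, for example `} else if (cl < 0 || cl > Integer.MAX_VALUE) { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); error = true;` ahead of the final `else`. If bodies above 2 GB have to be accepted over AJP, a comment stating what happens to them is needed instead. The same lines appear in the matching AjpProcessor.java hunk, and the header loop continues outside both hunks.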
Modified: branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java
===================================================================
--- branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java 2014-03-18 10:29:10 UTC (rev 2393)
+++ branches/2.1.x/java/org/apache/coyote/ajp/AjpProcessor.java 2014-03-20 10:02:47 UTC (rev 2394)
@@ -27,6 +27,8 @@
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import javax.servlet.http.HttpServletResponse;
+
import org.apache.coyote.ActionCode;
import org.apache.coyote.ActionHook;
import org.apache.coyote.Adapter;
@@ -660,6 +662,7 @@
// Decode headers
MimeHeaders headers = request.getMimeHeaders();
+ boolean contentLengthSet = false;
int hCount = requestHeaderMessage.getInt();
for(int i = 0 ; i < hCount ; i++) {
String hName = null;
@@ -695,7 +698,16 @@
if (hId == Constants.SC_REQ_CONTENT_LENGTH ||
(hId == -1 && tmpMB.equalsIgnoreCase("Content-Length"))) {
// just read the content-length header, so set it
- request.setContentLength( vMB.getInt() );
+ long cl = vMB.getLong();
+ if (contentLengthSet) {
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ error = true;
+ } else {
+ contentLengthSet = true;
+ // Set the content-length header for the request
+ if(cl < Integer.MAX_VALUE)
+ request.setContentLength( (int)cl );
+ }
} else if (hId == Constants.SC_REQ_CONTENT_TYPE ||
(hId == -1 && tmpMB.equalsIgnoreCase("Content-Type"))) {
// just read the content-type header, so set it
Modified: branches/2.1.x/java/org/apache/coyote/http11/Http11AprProcessor.java
===================================================================
--- branches/2.1.x/java/org/apache/coyote/http11/Http11AprProcessor.java 2014-03-18 10:29:10 UTC (rev 2393)
+++ branches/2.1.x/java/org/apache/coyote/http11/Http11AprProcessor.java 2014-03-20 10:02:47 UTC (rev 2394)
@@ -1469,10 +1469,20 @@
// Parse content-length header
long contentLength = request.getContentLengthLong();
- if (contentLength >= 0 && !contentDelimitation) {
- inputBuffer.addActiveFilter
+ if (contentLength >= 0) {
+ if (contentDelimitation) {
+ // contentDelimitation being true at this point indicates that
+ // chunked encoding is being used but chunked encoding should
+ // not be used with a content length. RFC 2616, section 4.4,
+ // bullet 3 states Content-Length must be ignored in this case -
+ // so remove it.
+ headers.removeHeader("content-length");
+ request.setContentLength(-1);
+ } else {
+ inputBuffer.addActiveFilter
(inputFilters[Constants.IDENTITY_FILTER]);
- contentDelimitation = true;
+ contentDelimitation = true;
+ }
}
MessageBytes valueMB = headers.getValue("host");
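Review bot: When chunked encoding and Content-Length arrive together, the new branch removes the header without leaving any trace, and the local `contentLength` keeps its old non-negative value after `request.setContentLength(-1)`. A request carrying both is unusual, so a debug-level log entry in that branch would help operators spot request-smuggling attempts passing through a front-end proxy; the logger available in this class is not visible in the hunk. If `contentLength` is read again later in the method, which continues outside the hunk, it should be reset with the request: `contentLength = -1;`. The same applies to the identical hunk in Http11Processor.java.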
Modified: branches/2.1.x/java/org/apache/coyote/http11/Http11Processor.java
===================================================================
--- branches/2.1.x/java/org/apache/coyote/http11/Http11Processor.java 2014-03-18 10:29:10 UTC (rev 2393)
+++ branches/2.1.x/java/org/apache/coyote/http11/Http11Processor.java 2014-03-20 10:02:47 UTC (rev 2394)
@@ -1273,10 +1273,20 @@
// Parse content-length header
long contentLength = request.getContentLengthLong();
- if (contentLength >= 0 && !contentDelimitation) {
- inputBuffer.addActiveFilter
+ if (contentLength >= 0) {
+ if (contentDelimitation) {
+ // contentDelimitation being true at this point indicates that
+ // chunked encoding is being used but chunked encoding should
+ // not be used with a content length. RFC 2616, section 4.4,
+ // bullet 3 states Content-Length must be ignored in this case -
+ // so remove it.
+ headers.removeHeader("content-length");
+ request.setContentLength(-1);
+ } else {
+ inputBuffer.addActiveFilter
(inputFilters[Constants.IDENTITY_FILTER]);
- contentDelimitation = true;
+ contentDelimitation = true;
+ }
}
MessageBytes valueMB = headers.getValue("host");
JBossWeb SVN: r2393 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-18 06:29:10 -0400 (Tue, 18 Mar 2014)
New Revision: 2393
Added:
tags/JBOSSWEB_7_4_0_FINAL/
Log:
Web 7.4
JBossWeb SVN: r2392 - branches/7.4.x.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-18 06:27:49 -0400 (Tue, 18 Mar 2014)
New Revision: 2392
Modified:
branches/7.4.x/pom.xml
Log:
New build.
Modified: branches/7.4.x/pom.xml
===================================================================
--- branches/7.4.x/pom.xml 2014-03-17 17:36:13 UTC (rev 2391)
+++ branches/7.4.x/pom.xml 2014-03-18 10:27:49 UTC (rev 2392)
@@ -33,7 +33,7 @@
<groupId>org.jboss.web</groupId>
<artifactId>jbossweb</artifactId>
- <version>7.4.0.Beta4</version>
+ <version>7.4.0.Final</version>
<name>JBoss Web</name>
<description>Servlet 3.0 container</description>
JBossWeb SVN: r2391 - branches/7.4.x/src/main/java/org/apache/tomcat/websocket.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-17 13:36:13 -0400 (Mon, 17 Mar 2014)
New Revision: 2391
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/websocket/WsSession.java
Log:
Unrevert, although the spec says something about this being wrong, nothing can be done with a closed session, which only leads to problems.
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/websocket/WsSession.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/websocket/WsSession.java 2014-03-17 14:36:42 UTC (rev 2390)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/websocket/WsSession.java 2014-03-17 17:36:13 UTC (rev 2391)
@@ -405,8 +405,8 @@
state = State.CLOSING;
+ fireEndpointOnClose(closeReasonLocal);
sendCloseMessage(closeReasonMessage);
- fireEndpointOnClose(closeReasonLocal);
state = State.CLOSED;
}
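Review bot: With `fireEndpointOnClose` now called first, an exception escaping the endpoint's close callback would skip `sendCloseMessage` and leave `state` at `CLOSING`, so the peer gets no close frame and the session is never marked closed. Unless `fireEndpointOnClose` is known to catch everything itself (its body is not in the hunk), guard the sequence: `try { fireEndpointOnClose(closeReasonLocal); } finally { sendCloseMessage(closeReasonMessage); state = State.CLOSED; }`. The second hunk has the same ordering and, as visible there, runs the callback inside `synchronized (stateLock)`, so application code executes while the session lock is held; a short comment saying this is intended would help. Both enclosing methods start outside the hunks.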
@@ -428,8 +428,8 @@
synchronized (stateLock) {
if (state == State.OPEN) {
+ fireEndpointOnClose(closeReason);
sendCloseMessage(closeReason);
- fireEndpointOnClose(closeReason);
state = State.CLOSED;
}
JBossWeb SVN: r2390 - in branches/7.4.x: webapps/docs and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-17 10:36:42 -0400 (Mon, 17 Mar 2014)
New Revision: 2390
Modified:
branches/7.4.x/src/main/java/org/apache/jasper/compiler/Parser.java
branches/7.4.x/webapps/docs/sysprops.xml
Log:
Add submitted org.apache.jasper.compiler.Parser.OPTIMIZE_SCRIPTLETS system property.
Modified: branches/7.4.x/src/main/java/org/apache/jasper/compiler/Parser.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/jasper/compiler/Parser.java 2014-03-13 16:21:30 UTC (rev 2389)
+++ branches/7.4.x/src/main/java/org/apache/jasper/compiler/Parser.java 2014-03-17 14:36:42 UTC (rev 2390)
@@ -23,6 +23,7 @@
import java.net.URL;
import java.util.Iterator;
import java.util.List;
+import java.util.regex.Pattern;
import javax.servlet.jsp.tagext.TagAttributeInfo;
import javax.servlet.jsp.tagext.TagFileInfo;
@@ -38,7 +39,7 @@
* This class implements a parser for a JSP page (non-xml view). JSP page
* grammar is included here for reference. The token '#' that appears in the
* production indicates the current input token location in the production.
- *
+ *
* @author Kin-man Chung
* @author Shawn Bayern
* @author Mark Roth
@@ -76,6 +77,10 @@
private static final String JAVAX_BODY_CONTENT_TEMPLATE_TEXT = "JAVAX_BODY_CONTENT_TEMPLATE_TEXT";
+ private static final boolean OPTIMIZE_SCRIPTLETS = Boolean.valueOf(
+ System.getProperty("org.apache.jasper.compiler.Parser.OPTIMIZE_SCRIPTLETS",
+ "false")).booleanValue();
+
/**
* The constructor
*/
@@ -96,7 +101,7 @@
/**
* The main entry for Parser
- *
+ *
* @param pc
* The ParseController, use for getting other objects in compiler
* and for parsing included pages
@@ -244,12 +249,12 @@
String ret = null;
try {
char quote = watch.charAt(watch.length() - 1);
-
+
// If watch is longer than 1 character this is a scripting
// expression and EL is always ignored
boolean isElIgnored =
pageInfo.isELIgnored() || watch.length() > 1;
-
+
ret = AttributeParser.getUnquoted(reader.getText(start, stop),
quote, isElIgnored,
pageInfo.isDeferredSyntaxAllowedAsLiteral());
@@ -649,10 +654,61 @@
err.jspError(start, MESSAGES.unterminatedTag("<%="));
}
- new Node.Expression(parseScriptText(reader.getText(start, stop)),
- start, parent);
+ String expression = reader.getText(start, stop);
+ // check for string concatenation inside expressions, separating from expression allows for optimizations later on
+ if(!OPTIMIZE_SCRIPTLETS){
+ new Node.Expression(parseScriptText(expression),
+ start, parent);
+ }
+ else {
+ if (!matchesConcat(expression)) {
+ new Node.Expression(parseScriptText(expression),
+ start, parent);
+ } else {
+ //need to separate expressions being concatenated
+ expression = expression.replaceAll("\\+\\s*\"", "\\+ \"").replaceAll("\"\\s*\\+", "\" \\+");
+ String[] tokens = expression.split("((?=\\+\\s\")|(?<=\"\\s\\+))");
+ if (tokens.length > 1) {
+ for (String token : tokens) {
+ if (matchesStringLiteral(token) && !matchesStringParam(token)) {
+ //maybe evaluate the expression here before storing as text node?
+ new Node.TemplateText(cleanTextToken(token),
+ start, parent);
+ } else {
+ new Node.Expression(parseScriptText(cleanExprToken(token)),
+ start, parent);
+ }
+ }
+ } else {
+ //only have one token, therefore there is no string concatenation occurring and string literal is being used as part of expression
+ new Node.Expression(parseScriptText(tokens[0]),
+ start, parent);
+
+ }
+ }
+ }
}
+ private boolean matchesStringLiteral(String token) {
+ return Pattern.compile("\"").matcher(token).find() || "".equals(token.trim());
+ }
+
+ private boolean matchesStringParam(String token) {
+ return Pattern.compile("\"\\s*\\)|\\(\\s*\"").matcher(token).find();
+ }
+
+ private boolean matchesConcat(String token) {
+ return Pattern.compile("\\+\\s*\"|\"\\s*\\+").matcher(token).find();
+ }
+
+ private String cleanTextToken(String token) {
+ return cleanExprToken(token.trim().replaceAll("(?<!\\\\)\"|\t|\n|\r", "").replaceAll("\\\\\"","\""));
+ }
+
+ private String cleanExprToken(String token) {
+ return token.trim().replaceAll("^\\+|\\+$","").trim();
+ }
+
/*
* XMLExpressionBody ::= ( S? '/>' ) | ( S? '>' (Char* - (char* '<'))
* CDSect?)* ETag ) | <TRANSLATION_ERROR>
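Review bot: Splitting a `<%= %>` expression at every `+` adjacent to a quote changes its result when the non-literal operands are themselves joined by `+`. For `"x" + 1 + 2` the visible regexes yield a text node `x` and an expression `1 + 2`, which prints `x3` where the unsplit expression prints `x12`. `cleanTextToken` also appears to unescape only `\"`, so other escapes inside a literal (`\n`, `\\`) would likely reach the template text in a different form than Java would evaluate them. The flag is off by default, but the limitation should be stated next to `OPTIMIZE_SCRIPTLETS` and in sysprops.xml, e.g. `// not result-preserving when operands beside a literal are themselves added: "x" + a + b`. Separately, the three `matches*` helpers call `Pattern.compile` on every invocation; hoist each into a constant such as `private static final Pattern CONCAT = Pattern.compile("\\+\\s*\"|\"\\s*\\+");`.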
@@ -961,7 +1017,7 @@
/**
* Attempts to parse 'JspAttributeAndBody' production. Returns true if it
* matched, or false if not. Assumes EmptyBody is okay as well.
- *
+ *
* JspAttributeAndBody ::= ( '>' # S? ( '<jsp:attribute' NamedAttributes )? '<jsp:body' (
* JspBodyBody | <TRANSLATION_ERROR> ) S? ETag )
*/
Modified: branches/7.4.x/webapps/docs/sysprops.xml
===================================================================
--- branches/7.4.x/webapps/docs/sysprops.xml 2014-03-13 16:21:30 UTC (rev 2389)
+++ branches/7.4.x/webapps/docs/sysprops.xml 2014-03-17 14:36:42 UTC (rev 2390)
@@ -230,13 +230,18 @@
<code>true</code> will be used.</p>
</property>
- <property name="org.apache.jasper.Constants.DEFAULT_TAG_BUFFER_SIZE">
- <p>Any tag buffer that expands beyond
- <code>org.apache.jasper.Constants.DEFAULT_TAG_BUFFER_SIZE</code> will be
- destroyed and a new buffer created of the default size. If not specified,
- the default value of <code>512</code> will be used.</p>
+ <property name="org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING">
+ <p>If <code>false</code> the requirements for escpaing quotes in JSP
+ attributes will be relaxed so that a missing required quote will not
+ cause an error. If not specified, the specification compliant default of
+ <code>true</code> will be used.</p>
</property>
+ <property name="org.apache.jasper.compiler.Parser.OPTIMIZE_SCRIPTLETS">
+ <p>Optimize JSP scriptlets. If not specified,
+ the default value of <code>false</code> will be used.</p>
+ </property>
+
<property name="org.apache.jasper.runtime.JspFactoryImpl.USE_POOL">
<p>If <code>true</code>, a ThreadLocal <code>PageContext</code> pool will
be used. If not specified, the default value of <code>true</code> will be
JBossWeb SVN: r2389 - branches/7.4.x/src/main/java/org/apache/tomcat/util/net.
by jbossweb-commits@lists.jboss.org
Author: jfrederic.clere(a)jboss.com
Date: 2014-03-13 12:21:30 -0400 (Thu, 13 Mar 2014)
New Revision: 2389
Modified:
branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioServerSocketChannelFactory.java
Log:
fix for BZ 1075695.
Modified: branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioServerSocketChannelFactory.java
===================================================================
--- branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioServerSocketChannelFactory.java 2014-03-13 14:48:38 UTC (rev 2388)
+++ branches/7.4.x/src/main/java/org/apache/tomcat/util/net/NioServerSocketChannelFactory.java 2014-03-13 16:21:30 UTC (rev 2389)
@@ -117,7 +117,10 @@
//
theFactory = new DefaultNioServerSocketChannelFactory(threadGroup);
- }
+ } else {
+ if (theFactory.threadGroup != threadGroup)
+ theFactory = new DefaultNioServerSocketChannelFactory(threadGroup);
+ }
try {
return (NioServerSocketChannelFactory) theFactory.clone();
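Review bot: The new `else` branch replaces the shared `theFactory` whenever a caller passes a different `threadGroup`, and nothing in the hunk shows this check-then-assign being synchronized. If the enclosing method, which starts outside the hunk, can run on more than one thread, a caller with another group could swap the field between this assignment and `theFactory.clone()`, handing back a clone bound to the wrong group; confirm the method is synchronized or clone from a local copy. The inner `if` also lacks braces and compares by identity; `if (theFactory.threadGroup != threadGroup) {` with a closing brace and a comment such as `// identity comparison intended: a different group object needs its own factory` would make the intent explicit.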
JBossWeb SVN: r2388 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2014-03-13 10:48:38 -0400 (Thu, 13 Mar 2014)
New Revision: 2388
Added:
tags/JBOSSWEB_7_3_1_FINAL/
Log:
New 7.3.1 build.